JP2016516228A - Access method and circuit device under control of slave unit in system on chip - Google Patents

Abstract

The present invention relates to a circuit arrangement and method for controlled access to slave units (S1, S2, S3, S4) in a so-called system-on-chip. Here, access to the slave unit by the access address (ZA) by the master unit (MA) of the system on chip is executed via the network on chip bus system (NoC). A memory protection unit (MPU) is incorporated between the at least one master unit and the network-on-chip bus system (1). With this memory protection unit, the access rights of the master unit to the slave units are checked by comparing the access addresses with predetermined address areas (AD1, AD2, AD3) (2). Upon identifying unauthorized access of the master unit to the slave unit, the access address is modified by the memory protection unit as follows (3). That is, this unauthorized access is modified to terminate (4) in the network on chip bus system (NoC).

Description

  The present invention relates generally to the field of electronic and logic circuits, and in particular to the field of so-called application specific integrated circuits or ASICs. In particular, the present invention relates to a method of accessing a slave unit in a so-called system-on-chip under control and a circuit device to which the slave unit belongs. Here, this circuit device has at least one master unit, a plurality of subordinate slave units, and a so-called network-on-chip bus system or NoC. Here, the access of the master unit to the slave unit is performed via the network-on-chip bus system using the access address.

  In particular, logic circuits or electronic circuits realized as so-called integrated circuits form the basis of electronic circuits today, especially in computer technology. Usually, such an electronic circuit or system is composed of a plurality of electronic components or electronic circuits or so-called integrated circuits (ICs) housed on individual substrates (for example, semiconductor substrates) and wired together. Thus, an integrated circuit consists of a number of different types of components and conductors on or within a single crystal substrate. First, such integration allows for a wide range of functions and use in tight spaces. Only with integrated circuits can a number of applications (e.g. applications in mobile devices, SIM cards, RFID, mobile phones etc.) become technically feasible. This is because these applications are often overly expensive, complex, performance intensive, or large (for example, for incorporation into each device, etc.). When such logic circuits or integrated circuits are created for special applications, these circuits are also referred to as application specific integrated circuits or ASIC for short.

  Due to the ever-increasing miniaturization and integration of devices, in recent years all systems with components such as processors, controllers, storage units (eg RAM, ROM, etc.), power management system components, etc. Came to be housed on top. Such a system is also referred to as system-on-chip or SoC, and is particularly small in the mobile radio domain under embedded computers, smartphones, CD and DVD devices and relatively high performance and various tasks. Used everywhere dimensions are preferred.

  In system on chip (SoC), all or most of the functions of the system are integrated on the chip. In other words, the integrated circuit is integrated on the semiconductor substrate. Usually, today's system-on-chip is not newly developed from scratch, but the concept is based at least in part on components that already exist and / or are additionally purchased. This is a so-called IP core unit or IP block (eg, processor, controller unit, peripheral device block, etc.). These IP blocks are obtained, for example, as a complete unit or as a design license and used directly in a new system-on-chip or in an appropriate form. In addition, units lacking system-on-chip are developed, for example, for a completed ASIC.

  A plurality of such system-on-chip units are internally connected via a so-called bus system. Often, especially in the case of complex system-on-chip, a hierarchical bus system or at least a segmented bus system is used. Such bus systems include, for example, a quick system bus, a slower peripheral bus, and a register bus or control bus. An approach to designing flexible and effective communication connections between system-on-chip IP blocks (eg, processor, controller unit, peripheral device block, etc.) is the so-called network-on-chip bus system or NoC. In a network-on-chip bus system, information is not exchanged between individual IP blocks of the system-on-chip (eg, processor, storage device, controller, peripheral unit, etc.) via an internal bus, It is exchanged through a layered bus architecture, conceived like a network with distribution points. Here, information or access from one component of the system on chip to another component is connected via multiple links on the path from the source component to the receiving component, for example, as a point-to-point connection or multipath connection Is done. This is, for example, the case of so-called routing in a packet mediation network. Information redirection or access from the source component to the receiving component is here performed, for example, using an access address used for routing.

  Often the so-called master-slave concept is used for access between different components of one system on chip, organizing and distributing tasks, etc. In this way, each task is distributed between the upper component (so-called master unit) and the lower component (so-called slave unit), and the management of access to a common resource (for example, a storage unit) is adjusted. The master-slave concept is advantageously used in the following cases: That is, if one or more components (eg, processor, controller, etc.) are responsible for control and task distribution of other components (eg, special processors, peripheral units, etc.) or other components (eg, storage units, buses) When access to the system, etc.) is regulated.

  System-on-chip rarely requires high safety. Therefore, in order to prevent authorized access, it is necessary to control access from the master unit to the slave unit or access authority. In the case of central processing unit components or CPUs normally available in the market for system-on-chip, for example, so-called memory management units (MMUs) or memory protection units (MPUs) are integrated for access control. Yes. In addition to other tasks, the memory protection task is also adjusted by such MMU or by MPU. In this way, access to individual memory areas or slave units, for example for code execution or writing, is blocked by each CPU.

  However, the system-on-chip usually has other master units in addition to at least one chip. From this master unit, access is made to the system-on-chip slave unit. Here, so-called direct memory access (DMA) is one mode of access. Here, a slave unit or a memory unit is directly accessed from a master unit (for example, a peripheral device unit) via a bus system (for example, NoC) without depending on the CPU. However, at present, access is not controlled by other IP components (such as a processor) of the system-on-chip. Thus, for example, unauthorized access to a slave unit can be performed by DMA. This threatens safety.

  From EP 2 461 251 a method for controlling access to a storage unit is known, for example. Here, one memory protection unit is assigned to each processor unit. This memory protection unit forms a connection to the memory unit via the system bus. In this case, the access of the processor unit to the memory unit is always via this memory protection unit. Here, processor access may indicate various access rights, or memory areas for a particular application of the processor may be blocked. In the method described in EP 2461251, the access is then examined by the processors of the two access control units of each belonging memory protection unit, and this access is performed by the two access control units, Only allowed if deemed authoritative. Here, for example, information indicating which application of the processor can access which memory area is stored in the first access control unit of the memory protection unit, and the second access of the memory protection unit is stored. A corresponding access mode or access authority (for example, write / read access, read access, etc.) is stored in the control unit. As a result, the method disclosed in EP 2461251 has the following drawbacks. That is, it has the disadvantage that many costs are required for controlled access to the memory unit, especially in programming the access control unit of the memory protection unit. Each memory protection unit should be programmed separately, in particular according to the application of the processor to which it belongs. In addition, double checking access by two access control units causes a time delay when accessing the processor. This must also be considered.

  Other methods that allow control of access to slave units in the system on chip are, for example, the incorporation of MPU protection functions or memory protection functions within each bus system being used, for example a network on chip bus system. is there. However, this method has the following drawbacks. In other words, this has the disadvantage that the function of the bus system has to be expanded. This is often associated with high costs. This is because, for example, a network-on-chip bus system for system-on-chip may be additionally purchased as a so-called IP component, and in this case, for example, a memory protection function must be added specially. In some cases, such a functional extension may further cause a time delay during access or an increase in access time. This can significantly hinder the performance of the system on chip.

DESCRIPTION OF THE INVENTION The object of the present invention is to provide controlled access to slave units in a system-on-chip, easily, without additional cost, with very short or no access delay time. It is to provide a method as well as a circuit device that makes it possible.

  The above-mentioned problem is solved by a method and a circuit arrangement in the manner described at the outset, which have been improved to have the features described in the independent claims. Advantageous embodiments of the invention are described in the dependent claims.

  In the present invention, the above-mentioned problems are solved by a method in the manner described at the outset, in which a memory protection unit is incorporated between at least one master unit and the network-on-chip bus system. With this memory protection unit, the access authority of at least one master unit to at least one slave unit is checked by comparing a predetermined address area with an access address. Upon identifying unauthorized access of at least one master unit to at least one slave unit, the access address is modified by the memory protection unit as follows. That is, such unauthorized access is corrected so as to end in the network-on-chip bus system.

  The main aspects of the method proposed by the present invention are as follows. In other words, the access of the master unit used in the system on chip to the slave unit of the system on chip is controlled without incurring additional costs such as matching to the IP block used as the master unit. It is to be. For example, unauthorized access by one or more slave units to a so-called read-only area or unauthorized access to a blocked slave unit or memory area by a master unit in this way. It can be stopped very easily and without great cost. There is no need to extend additional control functions, for example, to the network-on-chip system being used to identify and block unauthorized access. Furthermore, by means of the method of the invention, in particular by means of an access address modification which is made in some cases, the additional latency or time delay of the access is kept as low as possible by checking in the memory protection unit. There is no typical latency or time delay. This means the following: That is, the method of the present invention does not substantially increase or increase the access time of at least one master unit to at least one slave unit of the system on chip, thereby increasing the performance and efficiency of the system on chip. It means that it will not be disturbed.

  If the access of at least one master unit is not authorized, it is advantageous to map the access address to an address area of the network on chip bus system that is not used for this master unit. An unused address area in the network-on-chip system is not occupied for each master unit, or in this address area, an address of a slave unit (for example, a memory unit) is stored in the network-on-chip bus system. , Not assigned for access. This terminates the unauthorized access of the master unit in the network on chip system. This is because this access can be transmitted to the slave unit as the target unit.

  The following is recommended here. That is, a so-called interrupt is sent at the end of unauthorized access to at least one slave unit or slave unit of this system-on-chip by at least one master unit of the system-on-chip in the network-on-chip bus system. It is recommended that By this interruption, an interruption or termination of access of each master unit to the slave unit is easily transmitted to, for example, a control unit or CPU of the system on chip. The interrupt causes, for example, a non-periodic, unpredictable event, for example a prior termination of the master unit's access to a slave unit or memory area, etc. and a synchronization with the control unit or CPU. Interrupts that can also include so-called evidence registers are in this case handled by the CPU, in which case, for example, very rapidly the processing of the microprogram is continued by the CPU.

  Ideally, at least one master unit is authorized for access to at least one slave unit, at least for writing and / or reading, or for reading to at least one slave unit Is only authorized for access, or is not authorized for access to at least one slave unit. If the master unit is authorized for write and read access, for example to the slave unit, and this is established in the memory protection unit, the access address is not modified, for example, memory protection It is transmitted from the unit to the network on chip bus system. Certain access modes, such as write access, read access, etc. are not allowed in the slave unit or in the memory area, or each slave unit or each memory area is blocked for each master unit In this case, the access address is corrected by the memory protection unit after the access authority is checked, and is mapped to an unused address area of the network-on-chip bus system for the master unit.

  For this purpose, for example, access instructions can be read by software for each system-on-chip master unit, in particular the address area for comparison with the access address and thus for checking the access rights of the master unit. It is stored in the register unit of the memory protection unit. The setting of the address area for comparison with the access address of the system-on-chip master unit is ideally performed with the help of a security application, for example specific security software.

  In an advantageous development of the method according to the invention, the memory protection unit is built in the initialization phase by a special reliable building master unit via a register interface (eg a so-called Advanced Peripheral Bus-Register Interface). This means the following: That is, for example, in an initialization phase in which a system-on-chip is also constructed, in one memory protection unit or, in some cases, in a plurality of memory protection units, an address area for comparison with an access address is in the register unit. It means that it is stored. In this case, for example, the register unit may be blocked for further access or modification.

  However, alternatively, it is also possible to: That is, the address area stored in the memory unit is constructed and / or changed using special cryptographic information via a register interface (for example, a so-called Advanced Peripheral Bus-Register Interface). Is also possible. Changes using special cryptographic information (for example a 32-bit key, etc.) can also advantageously take place after the initialization phase in this case. This allows the memory protection unit to be adapted accordingly, for example during use of the system on chip.

  Furthermore, the above problem is solved by a circuit arrangement for carrying out the method of the invention. This circuit arrangement through which controlled access can be made in the system on chip is at least for at least one master unit, at least one slave unit, and the connection between the master unit and the slave unit Network on-chip bus system. In the circuit device of the present invention, a memory protection unit is incorporated between at least one master unit and the network-on-chip bus system. The memory protection unit is formed for an access check by comparing an access address with a predetermined address area, as well as an access address for an unauthorized access to at least one slave unit by at least one master unit. For correction, it is formed as follows. That is, it is configured so that unauthorized access is blocked in the network on chip bus system.

  The advantages obtained by the circuit arrangement according to the invention are in particular: That is, it is possible to prevent unauthorized access to the slave unit by the master unit easily and at no additional cost (for example, when designing or developing a system-on-chip). For example, access control is not necessary to change, functionally extend or align the IP block used for the system on chip, which is the master unit, or the network on chip bus system used. Furthermore, with the circuit arrangement according to the invention, the access waiting time or time delay for access to the slave unit is kept as short as possible or not increased by checking each access authority. It is also unnecessary to terminate the network-on-chip bus system protocol that has an effect on access latency, and unauthorized access is easily terminated or blocked within the network-on-chip bus system.

  The memory protection unit advantageously comprises at least one control logic for checking the access address, a modification unit for modifying the access address, and at least one register unit. Here, the register unit stores a predetermined address area or an access instruction. By means of the control logic, for example, the settings and signals of the master unit accessing the slave unit are interpreted and processed. Based on such information, for example, the access authority can be triggered or executed by the control unit using a comparison between a predetermined address area and an access address. Even when unauthorized access is confirmed, the access logic is corrected by the control unit by this control logic circuit.

  In at least one register unit of the memory protection unit, a predetermined address area is stored for comparison with each access address. As a result, each slave unit or memory (each used in the system on chip) The access instruction or access authority of the master unit to (area) is stored. At least one register unit of the memory protection unit, for example a memory protection unit, can advantageously be constructed via a register interface, for example a so-called Advanced Peripheral Bus-Register Interface. This construction is performed by a special, reliable construction master unit, for example in the initialization phase. The memory protection unit or register unit is in this case blocked, for example, from access or modification. Alternatively, however, the address field may be changed via the register interface, in particular by knowing special cryptographic information (for example a 32-bit key, etc.) in at least one register unit. If such cryptographic information is not known, at least one register unit of the memory protection unit is protected from access via the register interface.

FIG. 2 exemplarily and schematically shows a circuit arrangement for performing a controlled access method to at least one slave unit in a system on chip, as well as the flow of such a method of the invention.

  The invention will now be described by way of example with reference to the accompanying drawings. FIG. 1 schematically and exemplarily illustrates the inventive method for controlled access by at least one master unit MA to at least one slave unit S1, S2, S3, S4 in a system on chip. The circuit device to be executed is shown. The circuit device shown as an example is at least one part of the system on chip. The system on chip may further include other components or IP units in addition to the illustrated circuit device. This is, for example, a control unit or CPU, an input unit, an output unit, or another master unit (for example, a coprocessor). However, these components or IP units are not shown for simplicity.

  The circuit device of the present invention comprises at least one master unit MA (for example, direct memory access such as peripheral device unit, controller, coprocessor, etc.) and at least one slave unit S1, S2, S3, S4. The slave units S1, S2, S3, S4 can be, for example, peripheral device units, input / output units, memory units or memory areas. For example, write access, read access, or execution access can be performed on the slave units S1, S2, S3, and S4 according to the access authority of the master unit MA. Alternatively, the slave units S1, S2, S3, S4 are blocked with respect to the master unit MA. The access of the master unit MA to the slave units S1, S2, S3, S4 is performed via the network-on-chip bus system NoC of the circuit device using the access address ZA. This forms a connection between circuit devices or system-on-chip components. In the network on chip bus system NoC, corresponding addresses or address areas are occupied for access to the slave units S1, S2, S3, S4. Furthermore, at least one unoccupied or unused address area nA exists in the network-on-chip bus system NoC. This is not occupied for example by the master unit MA.

  In the circuit device of the present invention, a memory protection unit MPU is incorporated between at least one master unit MA and the network-on-chip system NoC. The memory protection unit MPU has at least one control logic circuit KL, a modification unit MO, and at least one register unit RE. Furthermore, a register interface RS, for example, an advanced peripheral bus-register interface, is also provided.

  The control logic KL of the memory protection unit MPU, for example, for processing the configuration information and signal information SE of at least one master unit MA and for invoking the examination of the access address ZA transmitted by the master unit MA Used. By means of the modification unit MO, the access address ZA is possibly modified as follows in the case of unauthorized access of the master unit MA to the slave units S1, S2, S3, S4. That is, it is modified so that this access of the master unit in the network on chip bus system NoC is completed. That is, when an unauthorized access of the master unit MA is identified, the memory protection unit MPU changes the access address ZA to the modified access address mZA. In the network on chip bus system NoC, this is mapped to an address area nA that is not used in the network on chip bus system NoC.

  In order to identify unauthorized access of the master unit MA, the set address areas AD1, AD2, AD3 are stored in the register unit RE of the memory protection unit MPU. This access instruction is read and processed by, for example, a software application, for example, by the control logic circuit KL. Access instructions for all accesses (for example, write access and read access) to the slave units S1, S2, S3, and S4 are stored in the address areas AD1, AD2, and AD3, for example, in the first address area AD1, In the second address area AD2, an access instruction for restricted access to the slave units S1, S2, S3, S4 (for example, only read access) is stored, and in the third address area AD3, the slave units S1, Access instructions for blocked access to S2, S3, S4 are stored. When accessing the master unit MA, the access address ZA is compared with predetermined address areas AD1, AD2, and AD3, thereby determining whether the access is authorized or unauthorized. The

  A register interface RS is provided for the construction of the memory protection unit MPU or the register unit. This construction is carried out by a special, reliable construction master unit, for example in the initialization phase, for example a late platform, whose functionality is finally obtained, for example, by corresponding construction / initialization. This is done when initializing. When a plurality of memory protection units MPU are provided in one system-on-chip, for example, address areas AD1, AD2, and AD3 are provided in a safe area at the top level. That is, after each register unit RE or each memory protection unit MPU is built, it is blocked against access or modification.

  Alternatively, for example, in the case of a complex system-on-chip having a plurality of memory protection units MPU, the address areas AD1, AD2, AD3 stored in the register unit RE of the memory protection unit MPU are special Knowing and using cryptographic information (eg, a 32-bit key) may be constructed or modified via the register interface RS. The address areas AD1, AD2, and AD3 stored in the register unit RE are protected by encryption information and can be changed using the encryption information in some cases.

  In order to implement the method of the invention and to control the access of the master unit MA to the slave units S1, S2, S3, S4 in the system on chip, in a first step 1, the memory protection unit MPU It is incorporated between the master unit MA and the network on chip bus system NoC. When the slave unit S1, S2, S3, S4 is accessed by the master unit MA, in the second step 2, on the other hand, the setting information and signal information SE of the master unit MA are controlled by the memory protection unit MPU. On the other hand, the access address ZA is transmitted to the modification unit MO of the memory protection unit MPU. Next, in the second step, the access address ZA is compared with the predetermined address areas AD1, AD2, AD3 by the memory protection unit MPU or the control logic circuit KL and the modification unit MO. Thereby, each access authority of the master unit MA to each of the slave units S1, S2, and S3 to be accessed by the master unit MA is checked.

  Next, depending on which predetermined address areas AD1, AD2, and AD3 the access address ZA of the master unit MA belongs to, in the third step 3, the access address ZA of the master unit is not changed and the network on-chip is changed. It is transmitted to the bus system NoC or modified by the modification unit MO of the memory protection unit MPU. For example, when the master unit MA should write access and read access to the slave units S1, S2, S3, S4, and the access address ZA is the first address for complete access or write and read access If it is found in the area AD1, the access address ZA is further transmitted to the network-on-chip bus system NoC in the third step 3 without being changed. Correspondingly, from the network on chip bus system NoC, the access is transferred by the master unit MA to the slave units S1, S2, S3, S4 which are accessed for writing and reading.

  When the master unit MA has read access to the slave units S1, S2, S3, and S4, and the master unit MA is also authorized to do so, in the second step 2, the access address ZA is predetermined. When the memory protection unit MPU is compared with the address areas AD1, AD2, and AD3, the access address is provided in the second address area for limited access or read-only access. decide. In the third step 3, the access address ZA of the master unit MA is then transmitted to the network on chip bus system NoC without being changed. In the network-on-chip bus system, in the fourth step 4, the addresses of the corresponding slave units S1, S2, S3, S4 are then determined on the basis of the access addresses, and the master unit MA accesses the slave units S1, It is transmitted to S2, S3 and S4. Next, read access from the master unit MA to the slave units S1, S2, S3, and S4 is performed.

  However, although the master unit MA is only authorized for read access to the slave units S1, S2, S3, S4, for example, writing to and reading from the slave units S1, S2, S3, S4 When an access is attempted, the following is determined in the second step 2 by the memory protection unit MPU. That is, the access address ZA belongs to the second address area AD2 for read access only, and the master unit MA is not authorized for all accesses (write access and read access). Is confirmed. Next, in a third step 3, the access address ZA is changed to the modified access address mZA by the modification unit MO of the memory protection unit MPU. The modified access address mZA is then transferred to the network on chip bus system NoC. Since the modified access address mZA is mapped to an unused address area nA in the network-on-chip bus system NoC, this access without the authority of the master unit MA is the first in the network-on-chip bus system NoC. In step 4 of FIG. This end of access is then communicated to the system-on-chip control unit or CPU by means of a so-called interrupt, for example including an evidence register.

  For example, the same measures are taken when the master unit MA attempts write and read access or read only access to the blocked slave units S1, S2, S3, S4. Based on the access address ZA of the master unit MA, the memory protection unit MPU has no authority for access to the slave units S1, S2, S3, S4 in the second step 2. Decide that. In this case, the access address ZA is found in the third address area AD3 for the blocked access. Next, in a third step 3, the access address ZA is changed to the corrected access address mZA by the correction unit MO of the memory protection unit MPU. The modified access address mZA is transmitted again to the network on chip bus system NoC. Here, next, in the fourth step 4, the following is determined. That is, the corrected access address mZA points to an unused address area nA of the network on chip bus system NoC, and it is determined that this access of the master unit MA is finished. This is again transmitted to the system-on-chip CPU by an interrupt.

Claims (10)

An access method under the control of at least one master unit (MA) to at least one slave unit (S1, S2, S3, S4) via a so-called network on chip bus system (NoC) in the system on chip. And
Said at least one slave unit (S1, S2, S3, S4) is in particular a memory unit and / or an input / output unit;
Access of the at least one master unit (MA) to the at least one slave unit (S1, S2, S3, S4) via the network-on-chip bus system (NoC) with an access address (ZA) In the method to be used,
A memory protection unit (MPU) is incorporated between the at least one master unit (MA) and the network on chip bus system (NoC) (1),
The memory protection unit (MPU) assigns the access authority of the at least one master unit (MA) to the at least one slave unit (S1, S2, S3, S4) and the access address (ZA) as a predetermined value. Check by comparing with the address area (AD1, AD2, AD3) (2)
Upon identifying that access by the at least one master unit (MA) is not authorized, the memory protection unit (MPU) changes the access address (ZA) as follows (3): The unauthorized access is changed to terminate (4) in the network on chip bus system (NoC).
A method characterized by that.   When the access by the at least one master unit (MA) is not authorized, the access address (ZA) is used for the master unit (MA) of the network on chip bus system (NoC). 2. The method according to claim 1, wherein the mapping is to a non-addressed area (nA).   Method according to claim 1 or 2, wherein a so-called interrupt is sent in case of unauthorized access of the at least one master unit (MA) which is terminated in the network on chip bus system (NoC).   The at least one master unit (MA) is authorized for at least write and / or read access to the at least one slave unit (S1, S2, S3, S4); 4. A method according to any one of claims 1 to 3, wherein an authority is given to access only for reading, or an authority is not given to access.   The address area (AD1, AD2, AD3) for comparison with the access address (ZA) of the at least one master unit (MA) is set by a security application, and a register unit (MPU) of the memory protection unit (MPU) 5. The method according to claim 1, wherein the address area (AD1, AD2, AD3) is stored in (RE).   The method according to any one of claims 1 to 5, wherein in the initialization phase, the memory protection unit (MPU) is constructed by a special, special construction master unit via a register interface (RS).   The address area (AD1, AD2, AD3) stored in the memory protection unit (MPU) is constructed and / or changed using special cryptographic information via a register interface (RS) The method according to any one of claims 1 to 5. A circuit device for controlled access in a so-called system-on-chip,
The circuit device implements the method of the invention according to claims 1 to 7,
The circuit device includes at least one master unit (MA), at least one slave unit (S1, S2, S3, S4), and a so-called network on chip bus system (NoC), and the network on chip bus system. (NoC) is a circuit device that connects the at least one master unit (MA) and the at least one slave unit (S1, S2, S3, S4),
A memory protection unit (MPU) is incorporated between the at least one master unit (MA) and the network-on-chip bus system (NoC);
The memory protection unit (MPU) is configured to check access by comparing an access address (ZA) with a predetermined address area (AD1, AD2, AD3), and the at least one slave unit (S1) , S2, S3, S4), if no authority is granted for access by the at least one master unit (MA), the unauthorized access is terminated in the network-on-chip bus system (NoC). Configured to modify the access address (ZA),
A circuit device characterized by that.   The memory protection unit (MPU) includes at least one control logic circuit (KL) for examining an access address (ZA), a modification unit (MO) for modifying an access address, and the predetermined address area (AD1). , AD2, AD3) and at least one register unit (RE).   The circuit device according to claim 8 or 9, wherein the at least one register unit (RE) of the memory protection unit (MPU) can be constructed via a register interface (RS).

Images